package com.sjcq.demoexample.config.shiro;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.SecurityManager;

@Configuration
public class ShiroConfig {
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }


    // 1.创建自定义的对象
    @Bean
    public MyselfRealm myselfRealm(){
        return new MyselfRealm();
    }

    // 2.创建系统默认管理器,添加自定义对象到管理器中
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager defaultWebSecurityManager(MyselfRealm myselfRealm){
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(myselfRealm);
        return defaultWebSecurityManager;
    }

    // 配置过滤链
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        // 创建一个对象
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(defaultWebSecurityManager);

        // 配置拦截
        Map<String, String> filterChainDefinitionmap = new LinkedHashMap<>();

//        // anon过滤器 此过滤器代表放过拦截 不需要权限也能访问
        filterChainDefinitionmap.put("/css/**", "anon");
        filterChainDefinitionmap.put("/images/**", "anon");
        filterChainDefinitionmap.put("/js/**", "anon");


        //登录
        filterChainDefinitionmap.put("/login","anon");
        filterChainDefinitionmap.put("/testhtml","anon");

        // 只要登录的人就能访问page2
        filterChainDefinitionmap.put("/page2", "authc");

        // perms权限过滤器 必须拥有某项权限才能访问对应路径,已经写到Controller上的注解
//        filterChainDefinitionmap.put("/userList", "perms[user:page1:page2:page3]");
//        filterChainDefinitionmap.put("/logList", "perms[user:page1:page2:page3]");

        // **代表所有路径 除以上路径外都拦截 authc代表权限拦截过滤器
        filterChainDefinitionmap.put("/**", "authc");

        // 将过滤链添加到对象中
        bean.setFilterChainDefinitionMap(filterChainDefinitionmap);

        // 登录要跳转的界面
        bean.setLoginUrl("/toLogin");
        // 登陆成功跳转的界面
        bean.setSuccessUrl("/index");
        // 没有权限
        bean.setUnauthorizedUrl("/Unauthorized");
        // 注销
        filterChainDefinitionmap.put("/logout", "logout");

        return bean;
    }

    // thymeleaf整合shiro,不然权限没用
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }

}
